Last Call Review of draft-ietf-opsec-lla-only-07
review-ietf-opsec-lla-only-07-secdir-lc-inacio-2014-04-03-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Overall impression is that this is a well written draft, and I didn’t
particularly notice any editorial comments, although I wasn’t focused on that.

The entire draft is dedicated to an informational router configuration that
encourages using link local addressing on the non-public facing router
interfaces.  The draft, as a whole does a good job describing and referencing
previous work on configuration and mitigation  strategies to encourage a more
secure configuration.

My only feedback is that the Security Considerations section might also include
a sentence referencing all of the other RFC’s and guidance previously mentioned
in the document:

        For additional security considerations, as previously stated, see also:
         [RFC5837], [I-D.ietf-opsec-bgp-security].

and possible a statement saying that all other previous recommendations for
control plane security, etc.

I do understand if this recommendation is not acted upon, it is difficult to
summarize an entire document which is about configuration for security into a
single concise paragraph at the end of the document.

regards,
--
Chris Inacio
inacio at cert.org